US5396609A - Method of protecting programs and data in a computer against unauthorized access and modification by monitoring address regions - Google Patents

Info

Publication number
US5396609A
Authority
US
United States
Prior art keywords
memory
region
access
level
associating
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
US07/466,960
Inventor
Karl-Heinz Schmidt
Georg Menache
Wilhelm Waidelich
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
GESELLSCHAFT fur STRAHLEN- und UMWELTFORSCHUNG MBH (GSF)
Helmholtz Zentrum Muenchen Deutsches Forschungszentrum fuer Gesundheit und Umwelt GmbH
Original Assignee
Helmholtz Zentrum Muenchen Deutsches Forschungszentrum fuer Gesundheit und Umwelt GmbH
Application filed by Helmholtz Zentrum Muenchen Deutsches Forschungszentrum fuer Gesundheit und Umwelt GmbH
Assigned to GESELLSCHAFT FUR STRAHLEN- UND UMWELTFORSCHUNG MBH (GSF). Assignment of assignors interest. Assignors: MENACHE, GEORG; SCHMIDT, KARL-HEINZ; WAIDELICH, WILHELM

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F12/00 Accessing, addressing or allocating within memory systems or architectures
    • G06F12/14 Protection against unauthorised use of memory or access to memory
    • G06F12/1458 Protection against unauthorised use of memory or access to memory by checking the subject access rights
    • G06F12/1491 Protection against unauthorised use of memory or access to memory by checking the subject access rights in a hierarchical protection system, e.g. privilege levels, memory rings

Abstract

A method of protecting programs and data in computers against unauthorized access and modifications employs a programmable hardware circuit to monitor memory regions of a computer. The memory regions are divided into different access levels, and the circuit is programmed to permit access only to predetermined regions. If an unauthorized access is attempted by a program, an address corresponding to the program location initiating the unauthorized access is detected and the program is stopped. This ensures that the procedures for protecting the operating system cannot be circumvented to gain unauthorized access to data of any type. After programming of the circuit is completed, the programming cannot be changed except by actuation of a hardware switch or by re-starting the computer. Removal of the circuit will cause short circuits, thus making it impossible to shut the circuit off without being detected.

Description

BACKGROUND OF THE INVENTION
The present invention relates to a method for real-time monitoring of address regions in data processing machines, i.e. computers, particularly of such popular types as computers sold under the trademark "IBM" by International Business Machines Corp., Old Orchard Road, Armonk, N.Y. 10504 and compatibles, computers sold under the trademark "Apple" by Apple Computer, Inc., 20525 Mariani Avenue, Cupertino, Calif. 95014, computers sold under the trademark "Commodore" by Commodore Business Machines, Inc., 1200 Wilson Drive, Brandywine Industrial Park, West Chester, Pa. 19380, and computers and microcomputers sold under the trademarks "PDP," "LSI," and "VAX" by Digital Equipment Corp., 6 Tech Drive, Andover, Mass. 01810. The trademarks "PDP," "LSI," and "VAX" are acronyms standing for Programmable Data Processor, Large Scale Integration, and Virtual Address Extension, respectively. More particularly, the present invention relates to a method of real time monitoring of the address regions of memories of data processing devices wherein access to a system bus may be obtained. The method provides for protection of data processing machines and the data stored therein against unauthorized access as well as protection of their operating systems against modifications.
Prior art systems employ hierarchical levels for this purpose so as to prevent lower privilege levels from accessing higher ones. However, with skilled programming and if there are errors in the operating system, blockages between higher and lower levels can be circumvented. The basic problem in a conventional hierarchical structure is that the structure can be changed (and must be capable of change) by means of software; that is, during processing of programs, the processor operates in the various privilege levels which are changed by the software and by jump (go-to) instructions (e.g. by manipulation in the stack region of the computer memory). Although it is possible in principle to monitor important components as to whether any unauthorized modifications have been made, such monitoring takes up computer capacity and, again, can be circumvented by computer programs.
SUMMARY OF THE INVENTION
It is an object of the present invention to improve the above mentioned method in such a way that protection of the programs and data stored in the computer memory is ensured even if manipulations occur in the status of the processor and if attempts are made to manipulate the operating system.
The object is attained according to the invention by a method of real-time monitoring of the memory regions in a data processing device which includes associating selected memory regions of the computer with different access levels, each level having authorized memory operations assigned thereto, storing the associations of memory regions and access levels, and detecting an attempted level of access to a memory region, which is not associated with the memory region.
In the method employed according to the invention, a safety device (hardware) is added to the data processing machine so that an additional safeguard is realized for the system software. One feature of this safety device is that it contains a monitoring circuit which can be programmed only once. Once the programming of the monitoring circuit has been completed, further access to it is no longer possible without a direct mechanical adjustment of the device. The safety device can thus not be made inoperative by external programs.
The safety device is composed of a hardware module (typically in the form of a card) which is inserted into the respective computer or is incorporated in the computer during manufacture. Once the safety device is in place, monitoring of the computer to assure its continued presence, although possible, is not necessary during operation of the computer since extraction of the module produces short circuits which prevent the computer from operating properly.
Advisably, the module is a circuit built up on a printed circuit board which is inserted into the respective computer. To prevent starting of the computer with the card pulled out, a routine may be provided in the operating system which determines whether the card has been inserted.
The present circuit has the advantage that considerable improvements in the protection against unauthorized access to the computer and its data can be realized with only slight changes to the operating system.
At the start of the computer's operating system, i.e. when the computer is first turned on, the module is programmed in such a way that access to certain memory or port addresses is permitted only under certain conditions corresponding to seven levels to be described below, the levels being associated with particular regions of the computer memory:
Level 0:
Reading out of and writing into the memory cells or memory locations of a first region of the computer's memory is not possible; programs can be started only from certain program locations of the first region.
Level 1:
Reading out of and writing into the memory cells in a second region of the computer's memory is not permitted; programs can be run from all program locations of this region.
Level 2:
Reading out of memory cells of a third region of the computer's memory is permitted from certain portions of this region; but no running of programs in this region is permitted.
Level 3:
Reading out of and writing into memory cells of a fourth region of the computer's memory is permitted from certain portions of this region; but running of programs from this region is not permitted.
Level 4:
Reading out of memory cells of a fifth region of the computer's memory is permitted from certain portions of this region; running of programs from this region is permitted.
Level 5:
Reading out of and writing into memory cells of a sixth region of the computer's memory is permitted from certain portions of this region; running of programs from this region is permitted.
Level 6:
Reading out of and writing into all cells in a seventh region of the computer memory is always permitted.
A memory could, for example, be subdivided according to the above-listed levels so that the operating system is assigned to level 0; the system data, important jump instructions and peripheral addresses are assigned to levels 2 and 3; the jumps into the system routine are assigned to level 1; and user programs are assigned to level 6. A region is comprised of single memory cells or memory locations that can be chosen independently (i.e., randomly).
Upon the occurrence of an unauthorized access to a memory cell of the computer's memory, the following possibilities for a response exist:
(1) The computer is always stopped and an alarm is sounded.
(2) The computer is stopped only for unauthorized write-in operations; for unauthorized read-out operations, the actuating program is identified and interrupted.
(3) If the hardware module is connected with the computer in such a way that unauthorized write-in instructions cannot be performed, then it is not necessary to stop the computer in this case and the above procedure in which the actuating program is identified and interrupted can be employed.
A simplification of the system can be realized if no differentiation is made between access to the computer's memory for running programs on the one hand, and reading from and writing into memory cells on the other. Then levels 2 and 3 remain.
The computer systems to be protected can be roughly divided into two classes:
(1) single-user systems, e.g. PC's (personal computers); and
(2) multi-user systems, e.g. VAX, networked PC's.
For single-user systems, such as the PC, the so-called viruses constitute a danger for stored data. Here protection can be realized in that for data base access only the program sequences predetermined by the operating system are permitted and direct access to BIOS (Basic Input/Output System) is blocked by the method of the invention. Additionally, this method can be employed to monitor attempts to change the operating system.
For multi-user systems, such as the VAX or networked PC's, data bases are usually provided with access protection. However, this access protection can be circumvented in many ways, for example input-output routines may be redirected to circumvent the protection provided by passwords. In this case, it is particularly important for the jump instructions not to be changed by the processor in a supervisor state. This can be ensured by the present invention.
BRIEF DESCRIPTION OF THE DRAWING
These and other aspects of the invention may be more completely understood from the following detailed description of the preferred embodiment with reference to the single appended FIGURE, which illustrates a block diagram of a circuit for monitoring memory regions.
DESCRIPTION OF THE PREFERRED EMBODIMENT
Processors, e.g. PC's, available on the market are equipped with outputs which indicate, in addition to the memory address, the respective type of access. Referring to the FIGURE, these outputs, respectively provided on address bus 100 and control bus 300, are employed to make available: a momentary program counter address (stored in a program counter register 1) on lines 102, the type of access on lines 301 to 304, and the momentary memory address (port or cell address in the computer memory 17) on address bus 100. These data are compared by means of a suitable circuit such as a random access memory (RAM) 3 with the permissible accesses stored, for example, as a look-up table, in the memory 3, and are examined for authorization. Memory 3 and its look-up table are configured in such a way that write-in access to the table can be blocked by a flip-flop 12, which receives a control signal from bus 300 in response to a software instruction, and an AND-gate 18. Advisably, after programming of the look-up table in the memory 3, renewed access thereto is possible only by way of a hardware switch 13. When switch 13 is actuated, it connects one input of OR gate 23 to a terminal 25 that is kept at a positive supply potential.
A logic unit 14, for example a programmable array logic (PAL), is provided to emit various signals in response to detection of an unauthorized access to the computer memory 17. If a memory cell or location (identified by the address on address bus 100) of the computer memory 17 of the computer to be protected, is accessed without authorization, logic unit 14 is activated via line 104 through AND-gate 20, and any possible write-in access on line 500 to a memory cell of the computer memory 17 identified on address bus 100, is blocked by the output of AND-gate 20 at AND-gate 22 via an inverter 21. Additionally, further writing into program counter register 1 is blocked by a signal from logic unit 14 at an AND-gate 15. The logic unit 14 also emits a signal on an interrupt line which is part of bus 300. In response to the interrupt, the operating system reads the program counter state (last program address) on line 102 via driver 16, and stops the program which initiated the unauthorized access.
The association of the access levels with the regions of the computer memory 17 effected by memory 3 is, at the start-up of the computer, initiated by connecting the memory 3 via a multiplexer 2 to the address bus 100, and via a driver 4 to a data bus 200. Such connections are made in response to an actuation signal on line 105 created by AND-gate 18. Multiplexer 2 responds to the actuation signal by selecting the signals supplied to its input port A, that is, the current address signals on bus 100.
Then, due to the actuation signal on line 105, the data can be written into memory 3 by way of data bus 200, via driver 4 (which is actuated by the signal on line 105) and line 104. Line 105 is connected by way of AND gate 18 and a decoder 11 to address bus 100 and control bus 300, from where the actuation signal originates. The selector 11 may be part of a PAL (programmable array logic). The decoder 11 activates one of the lines 131/132/133 when recognizing respective signals from the buses 100 and 300.
When the computer is started, flip-flop 12 is reset (Q=1) by a signal on control bus 300 via a reset line 201 and the OR gate 23, thereby to control AND-gate 18 via line 152. Thus, write-in access to memory 3 is activated on line 105 via AND-gate 18. Write-in access to memory 3 is then possible as a result of an access actuation signal from control bus 300 through decoder 11 directed to memory 3 via line 133 and AND-gate 18. Logic unit 14 is blocked by way of AND-gate 20. At the end of programming (writing in) of the memory 3, further write-in access is blocked by activation of a line 131 with a signal from control bus 300 through decoder 11 to set flip-flop 12, causing AND-gate 18 to be blocked via line 152, and AND-gate 20 is enabled via line 153. Thus, unauthorized access can now be detected.
During operation of the computer, the addresses in the memory 17 of: (1) programs which are run, (2) memory cells being accessed for a read operation or a write operation, (3) memory cells being (or to be) written into, and (4) memory cells containing data being read, are detected with the aid of an access detector 10 (which may be a PAL). The access detector activates the following lines for the respective accesses:
line 301 is activated if control data on bus 300 indicates that the content of a memory cell or location in memory 17 is being loaded into the CPU as an operation code, whereupon the relevant address is fed into the program counter register 1;
line 302 is activated if control data on bus 300 indicates that access is being made to a memory cell in memory 17;
line 303 is activated if control data on bus 300 indicates that data is being read out of a memory cell (port address) in memory 17; and
line 304 is activated if control data on bus 300 indicates data are being written into a memory cell or location in memory 17.
These lines, together with address bus 100 and program address lines 102, are connected via input port B of multiplexer 2 to the input lines 103 of memory 3 if line 105 is not activated. The address bus 100 is connected with the address bus of the CPU.
One of the two inputs from address bus 100 to the multiplexer 2 is supplied to input port A of multiplexer 2 and used for programming the memory 3, if line 105 is activated. When programming of memory 3 is completed and line 105 is not activated, multiplexer 2 selects the other input from bus 100, which is supplied to input port B of multiplexer 2 along with the signals on status lines 301-304 and the last program counter address from register 1 on lines 102.
It is advantageous to divide the memory region into certain zones. For example, memory 17 can be divided into two zones on the basis of the most significant address bit, into four zones on the basis of the first two most significant address bits, and so forth. One then forms program blocks to which the respective access levels are assigned. Omitting the lower order address bits (that is, address bits that are less significant than those needed to attain the desired zones in memory 17) avoids unnecessary subdivisions. Omitting the lower order address bits also reduces the memory requirements for memory 3, so input port B of multiplexer 2 need not pass them from address bus 100 to lines 103.
When line 301 has been activated and is then deactivated, the last program counter address is stored in register 1 due to a signal from line 301 via AND-gate 15 and line 305. The last program counter address stored in register 1 is transmitted by lines 102 via multiplexer 2, together with the current address on address bus 100 and the access data on status lines 301, 302, 303 and 304, to the address input of memory 3. As a result, the access address, the type of access and the program address from which access occurs are provided to the memory 3, where they are compared to the authorized access data stored therein.
The output on line 104 from memory 3 is conducted via AND-gate 20 to the logic unit 14 which either performs an interrupt on the program being run via control lines 300 or stops the computer via lines 300, and emits an alarm signal via loudspeaker 402. Additionally, further writing into register 1 is prevented in that AND-gate 15 is blocked by a signal from logic unit 14 via line 401.
During unauthorized access, the program counter address in register 1 can then be read out via lines 102 and driver 16 onto data bus 200, in response to a signal on bus 300 which activates the driver 16 via selector 11 and line 132. Thus the program performing the unauthorized access can be identified. For unauthorized write-in accesses, computer memory 17 is blocked by the output of AND-gate 20 via line 108, inverter 21, line 109 and AND-gate 22.
Another simplification of the structure is possible if register 1, which stores the last program address (last program counter state), and parts of the associated logic unit (access detector 10) are omitted. Memory 3 then needs only half the memory region. However, since the unauthorized access is no longer localized, this arrangement is suitable only for smaller systems, because the computer should be stopped if there is an unauthorized access.
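The look-up performed by memory 3, modelled in C as an added example that is not part of the patent text: the zone of the last program counter address, the zone of the accessed address and the status lines 301-304 together address a table whose output drives line 104. The 16-bit address width, the four-zone split, the status-line combinations per bus cycle, the convention that a stored 1 means line 104 is active, the absence of any check while line 105 is active, and all function names are assumptions of this model.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed geometry: 16-bit addresses, four zones from the two MSBs. */
#define ADDR_BITS   16
#define ZONE_BITS   2
#define STATUS_BITS 4
#define LUT_SIZE    (1u << (2 * ZONE_BITS + STATUS_BITS))

/* Status lines 301-304, and the assumed combinations per bus cycle. */
enum { L301_OPCODE = 1, L302_ACCESS = 2, L303_READ = 4, L304_WRITE = 8 };
enum { CYC_FETCH = L301_OPCODE | L302_ACCESS | L303_READ,
       CYC_READ = L302_ACCESS | L303_READ, CYC_WRITE = L302_ACCESS | L304_WRITE };

typedef struct {
    uint8_t  mem3[LUT_SIZE]; /* memory 3: 1 = line 104 active (unauthorized) */
    uint16_t reg1;           /* register 1: last program counter address */
    int      line105;        /* 1 = programming mode (multiplexer port A) */
    int      line401;        /* 1 = AND-gate 15 blocked, register 1 frozen */
} monitor_t;

static unsigned zone_of(uint16_t addr) { return addr >> (ADDR_BITS - ZONE_BITS); }

/* Address presented to memory 3: program zone, access zone, status lines.
   The lower-order address bits are dropped, as the description suggests. */
static unsigned mem3_index(unsigned pc_zone, unsigned acc_zone, unsigned status)
{
    return (pc_zone << (ZONE_BITS + STATUS_BITS)) | (acc_zone << STATUS_BITS) | (status & 0xFu);
}

/* Power-up state: every combination is unauthorized until programmed. */
void mon_init(monitor_t *m)
{
    memset(m->mem3, 1, sizeof m->mem3);
    m->reg1 = 0; m->line105 = 1; m->line401 = 0;
}

/* Program one authorized combination; refused once line 105 is released. */
int mon_allow(monitor_t *m, unsigned pc_zone, unsigned acc_zone, unsigned status)
{
    if (!m->line105) return -1;
    m->mem3[mem3_index(pc_zone, acc_zone, status)] = 0;
    return 0;
}

void mon_lock(monitor_t *m) { m->line105 = 0; }

/* One bus cycle. Returns the state of line 104; *write_enable says whether
   a write is passed on to memory 17. */
int mon_cycle(monitor_t *m, uint16_t addr, unsigned status, int *write_enable)
{
    int violation = 0;
    if (!m->line105)  /* port B selected: the bus cycle addresses memory 3 */
        violation = m->mem3[mem3_index(zone_of(m->reg1), zone_of(addr), status)];
    *write_enable = (status & L304_WRITE) && !violation;
    if (violation)
        m->line401 = 1;   /* register 1 keeps the offending program address */
    else if ((status & L301_OPCODE) && !m->line401)
        m->reg1 = addr;   /* latched when the opcode fetch completes */
    return violation;
}

/* Constructed policy: zone 0 supervisor code, zone 1 application code,
   zone 2 read-only data, zone 3 read/write data. */
void build_policy(monitor_t *m)
{
    mon_init(m);
    mon_allow(m, 0, 0, CYC_FETCH); mon_allow(m, 0, 1, CYC_FETCH); /* supervisor runs, starts application */
    mon_allow(m, 1, 1, CYC_FETCH); mon_allow(m, 1, 2, CYC_READ);  /* application runs, reads constants */
    mon_allow(m, 1, 3, CYC_READ);  mon_allow(m, 1, 3, CYC_WRITE); /* working data: read and write */
    mon_lock(m);
}

/* Replays a constructed bus trace and returns the address left in register 1. */
uint16_t run_trace(monitor_t *m, int *blocked_writes)
{
    static const struct { uint16_t addr; unsigned status; } trace[] = {
        {0x0000, CYC_FETCH}, {0x4000, CYC_FETCH}, {0x8010, CYC_READ},
        {0x4002, CYC_FETCH}, {0xC000, CYC_WRITE}, {0x4004, CYC_FETCH},
        {0x8010, CYC_WRITE}, /* write into the read-only zone */ {0x4006, CYC_FETCH},
    };
    int we;
    *blocked_writes = 0;
    for (size_t i = 0; i < sizeof trace / sizeof trace[0]; i++) {
        int v = mon_cycle(m, trace[i].addr, trace[i].status, &we);
        if (v && (trace[i].status & L304_WRITE) && !we) (*blocked_writes)++;
    }
    return m->reg1;
}

int main(void)
{
    monitor_t m; int blocked;
    build_policy(&m);
    uint16_t pc = run_trace(&m, &blocked);
    printf("register 1 = %04X, blocked writes = %d\n", (unsigned)pc, blocked);
}
```

Because the table is indexed by zone rather than by full address, this model can only enforce rules at zone granularity; finer rules need more address bits passed to memory 3.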
It will be understood that the above description of the present invention is susceptible to various modifications, changes and adaptations, and the same are intended to be comprehended within the meaning and range of equivalents of the appended claims.

Claims (9)

What is claimed is:
1. A method of real-time monitoring of memory regions in a data processing device having a plurality of bus lines and having a memory with a plurality of memory locations, with each memory region including a plurality of memory locations, said method comprising the steps of:
associating selected memory regions of the memory with different access levels, an access level associated with a memory region indicating whether read operations from that memory region are authorized, whether write operations to that memory region are authorized, and whether program running operations from that memory region are authorized;
storing the associations of memory regions and access levels;
comparing a level of an attempted access and a memory region to which the attempted access is directed with the stored associations, the comparing step comprising the step of checking signals on at least some of the bus lines; and
detecting if the level of the attempted access and the memory region are not among the stored associations, thereby to detect an unauthorized attempted access; and,
wherein said step of associating includes the steps of:
associating a first region of the memory with a zeroth level of access defined by prohibiting reading out of and writing into predetermined memory locations of the first region and permitting programs to be started only from certain memory locations in the first region;
associating a second region of the memory with a first level of access defined by prohibiting reading out of and writing into predetermined memory locations of the second region and permitting programs to be run from all memory locations in the second region;
associating a third region of the memory with a second level of access defined by permitting reading out of memory locations of only certain portions of the third region and prohibiting programs from being run from all memory locations in the third region;
associating a fourth region of the memory with a third level of access defined by permitting reading out of and reading into memory locations of only certain portions of the fourth region and prohibiting programs from being run from all memory locations in the fourth region;
associating a fifth region of the memory with a fourth level of access defined by permitting reading out of memory locations of only certain portions of the fifth region and permitting programs to be run from all memory locations in the fifth region;
associating a sixth region of the memory with a fifth level of access defined by permitting reading out of and reading into memory locations of only certain portions of the sixth region and permitting programs to be run from all memory locations in the sixth region; and
associating a seventh region of the memory with a sixth level of access defined by permitting reading out of and reading into all memory locations of the seventh region.
2. A method as in claim 1, wherein said step of detecting includes the step of detecting a program from which the unauthorized attempted access is made.
3. A method as in claim 1, wherein said step of detecting includes the step of detecting an attempted access which includes unauthorized instructions to write into the memory regions of the data processing device, the method further comprising the step of blocking the writing.
4. A method as in claim 1, further comprising the steps of stopping the data processing device and sounding an alarm in response to a detection of any attempted unauthorized access to a memory location.
5. A method as in claim 1, further comprising the steps of:
interrupting the data processing device in response to a detection of an attempted unauthorized access for writing into a memory location, and
identifying and interrupting a program in response to a detection of an attempted unauthorized access for writing into a memory location.
6. A method as defined in claim 1, wherein said step of storing comprises the step of storing the associations of memory regions and access levels as a look-up table in a random access memory.
7. A method as defined in claim 1, further comprising the step of identifying a program initiating an unauthorized attempted access, said step of identifying including the step of storing a last program counter address of the program in a register.
8. A method as in claim 1, wherein said step of storing comprises the step of storing the associations of memory regions and access levels in an additional memory, and wherein the method further comprises the step of blocking writing into the additional memory after the associations have been stored in the additional memory.
9. A method as in claim 8, further comprising the step of unblocking writing into the additional memory, the step of unblocking writing including actuating a switch.
US07/466,960 1989-01-19 1990-01-18 Method of protecting programs and data in a computer against unauthorized access and modification by monitoring address regions Expired - Fee Related US5396609A (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
DE3901457.6 1989-01-19
DE3901457A DE3901457A1 (en) 1989-01-19 1989-01-19 METHOD FOR ADDRESS AREA MONITORING IN REAL-TIME DATA PROCESSING DEVICES

Publications (1)

Publication Number Publication Date
US5396609A (en) 1995-03-07

Family

ID=6372377

Family Applications (1)

Application Number Title Priority Date Filing Date
US07/466,960 Expired - Fee Related US5396609A (en) 1989-01-19 1990-01-18 Method of protecting programs and data in a computer against unauthorized access and modification by monitoring address regions

Country Status (7)

Country Link
US (1) US5396609A (en)
BE (1) BE1003791A5 (en)
DE (1) DE3901457A1 (en)
DK (1) DK14790A (en)
FR (1) FR2641880B1 (en)
GB (1) GB2228350B (en)
IT (1) IT1236919B (en)

Also Published As

Publication number Publication date
GB9001020D0 (en) 1990-03-14
DK14790A (en) 1990-07-20
FR2641880A1 (en) 1990-07-20
DE3901457A1 (en) 1990-08-02
FR2641880B1 (en) 1995-02-03
BE1003791A5 (en) 1992-06-16
IT1236919B (en) 1993-04-26
DE3901457C2 (en) 1990-11-15
DK14790D0 (en) 1990-01-18
IT8922811A0 (en) 1989-12-22
IT8922811A1 (en) 1991-06-22
GB2228350B (en) 1993-04-28
GB2228350A (en) 1990-08-22

Legal Events

Date Code Title Description
AS Assignment

Owner name: GESELLSCHAFT FUR STRAHLEN- UND UMWELTFORSCHUNG MBH

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST.;ASSIGNORS:SCHMIDT, KARL-HEINZ;MENACHE, GEORG;WAIDELICH, WILHELM;REEL/FRAME:005220/0096

Effective date: 19900112

FPAY Fee payment

Year of fee payment: 4

REMI Maintenance fee reminder mailed
LAPS Lapse for failure to pay maintenance fees
STCH Information on status: patent discontinuation

Free format text: PATENT EXPIRED DUE TO NONPAYMENT OF MAINTENANCE FEES UNDER 37 CFR 1.362

FP Lapsed due to failure to pay maintenance fee

Effective date: 20030307